From 29cf84c6925734b1a1e2b00bf688de76d1d18113 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 12 Jul 2006 12:31:30 +0000 Subject: [PATCH] New docs for EVP_Digest{Sign,Verify}*() function. Update existing docs. --- crypto/evp/bio_md.c | 10 +--- crypto/evp/evp.h | 7 +-- doc/crypto/BIO_f_md.pod | 6 ++ doc/crypto/EVP_DigestSignInit.pod | 87 +++++++++++++++++++++++++++++ doc/crypto/EVP_DigestVerifyInit.pod | 82 +++++++++++++++++++++++++++ doc/crypto/EVP_PKEY_verify.pod | 10 ++-- doc/crypto/EVP_SignInit.pod | 9 +++ doc/crypto/EVP_VerifyInit.pod | 9 +++ 8 files changed, 203 insertions(+), 17 deletions(-) create mode 100644 doc/crypto/EVP_DigestSignInit.pod create mode 100644 doc/crypto/EVP_DigestVerifyInit.pod diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index 76ff9fe815..a6d35d8bda 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -192,13 +192,9 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr) ret=0; break; case BIO_C_GET_MD_CTX: - if (b->init) - { - pctx=ptr; - *pctx=ctx; - } - else - ret=0; + pctx=ptr; + *pctx=ctx; + b->init = 1; break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index be16b5ecee..dea6a40431 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -453,11 +453,8 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) #define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -#define EVP_SignDigestUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_VerifyDigestUpdate(a,b,c) EVP_DigestUpdate(a,b,c) - -#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #ifdef CONST_STRICT void BIO_set_md(BIO *,const EVP_MD *md); diff --git a/doc/crypto/BIO_f_md.pod b/doc/crypto/BIO_f_md.pod index 0d24083e6d..e49b652a78 100644 --- a/doc/crypto/BIO_f_md.pod +++ b/doc/crypto/BIO_f_md.pod @@ -58,6 +58,12 @@ If an application needs to call BIO_gets() or BIO_puts() through a chain containing digest BIOs then this can be done by prepending a buffering BIO. +Before OpenSSL 0.9.9 the call to BIO_get_md_ctx() would only work if the BIO +had been initialized for example by calling BIO_set_md() ). In OpenSSL +0.9.9 and later the context is always returned and the BIO is state is set +to initialized. This allows applications to initialize the context externally +if the standard calls such as BIO_set_md() are not sufficiently flexible. + =head1 RETURN VALUES BIO_f_md() returns the digest BIO method. diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod new file mode 100644 index 0000000000..b8a39191e6 --- /dev/null +++ b/doc/crypto/EVP_DigestSignInit.pod @@ -0,0 +1,87 @@ +=pod + +=head1 NAME + +EVP_DigestSignInit, EVP_DigestSignUpdate, EVP_DigestSignFinal - EVP signing functions + +=head1 SYNOPSIS + + #include + + int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen); + +=head1 DESCRIPTION + +The EVP signature routines are a high level interface to digital signatures. + +EVP_DigestSignInit() sets up signing context B to use digest B from +ENGINE B and private key B. B must be initialized with +EVP_MD_CTX_init() before calling this function. If B is not NULL the +EVP_PKEY_CTX of the signing operation will be written to B<*pctx>: this can +be used to set alternative signing options. + +EVP_DigestSignUpdate() hashes B bytes of data at B into the +signature context B. This function can be called several times on the +same B to include additional data. This function is currently implemented +usig a macro. + +EVP_DigestSignFinal() signs the data in B places the signature in B. +If B is B then the maximum size of the output buffer is written to +the B parameter. If B is not B then before the call the +B parameter should contain the length of the B buffer, if the +call is successful the signature is written to B and the amount of data +written to B. + +=head1 RETURN VALUES + +EVP_DigestSignInit() EVP_DigestSignUpdate() and EVP_DigestSignaFinal() return +1 for success and 0 or a negative value for failure. In particular a return +value of -2 indicates the operation is not supported by the public key +algorithm. + +The error codes can be obtained from L. + +=head1 NOTES + +The B interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. + +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged. + +For some key types and parameters the random number generator must be seeded +or the operation will fail. + +The call to EVP_DigestSignFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_DigestSignUpdate() and +EVP_DigestSignFinal() can be called later to digest and sign additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + +The use of EVP_PKEY_size() with these functions is discouraged because some +signature operations may have a signature length which depends on the +parameters set. As a result EVP_PKEY_size() would have to return a value +which indicates the maximum possible signature for any set of parameters. + +=head1 SEE ALSO + +L, +L, L, +L, L, L, +L, L, L, +L, L + +=head1 HISTORY + +EVP_DigestSignInit(), EVP_DigestSignUpdate() and EVP_DigestSignFinal() +were first added to OpenSSL 0.9.9. + +=cut diff --git a/doc/crypto/EVP_DigestVerifyInit.pod b/doc/crypto/EVP_DigestVerifyInit.pod new file mode 100644 index 0000000000..56b83b2df2 --- /dev/null +++ b/doc/crypto/EVP_DigestVerifyInit.pod @@ -0,0 +1,82 @@ +=pod + +=head1 NAME + +EVP_DigestVerifyInit, EVP_DigestVerifyUpdate, EVP_DigestVerifyFinal - EVP signature verification functions + +=head1 SYNOPSIS + + #include + + int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); + int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen); + +=head1 DESCRIPTION + +The EVP signature routines are a high level interface to digital signatures. + +EVP_DigestVerifyInit() sets up verification context B to use digest +B from ENGINE B and public key B. B must be initialized +with EVP_MD_CTX_init() before calling this function. If B is not NULL the +EVP_PKEY_CTX of the verification operation will be written to B<*pctx>: this +can be used to set alternative verification options. + +EVP_DigestVerifyUpdate() hashes B bytes of data at B into the +verification context B. This function can be called several times on the +same B to include additional data. This function is currently implemented +using a macro. + +EVP_DigestVerifyFinal() verifies the data in B against the signature in +B of length B. + +=head1 RETURN VALUES + +EVP_DigestVerifyInit() and EVP_DigestVerifyUpdate() return 1 for success and 0 +or a negative value for failure. In particular a return value of -2 indicates +the operation is not supported by the public key algorithm. + +Unlike other functions the return value 0 from EVP_DigestVerifyFinal() only +indicates that the signature did not not verify successfully (that is tbs did +not match the original data or the signature was of invalid form) it is not an +indication of a more serious error. + +The error codes can be obtained from L. + +=head1 NOTES + +The B interface to digital signatures should almost always be used in +preference to the low level interfaces. This is because the code then becomes +transparent to the algorithm used and much more flexible. + +In previous versions of OpenSSL there was a link between message digest types +and public key algorithms. This meant that "clone" digests such as EVP_dss1() +needed to be used to sign using SHA1 and DSA. This is no longer necessary and +the use of clone digest is now discouraged. + +For some key types and parameters the random number generator must be seeded +or the operation will fail. + +The call to EVP_DigestVerifyFinal() internally finalizes a copy of the digest +context. This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can +be called later to digest and verify additional data. + +Since only a copy of the digest context is ever finalized the context must +be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak +will occur. + +=head1 SEE ALSO + +L, +L, L, +L, L, L, +L, L, L, +L, L + +=head1 HISTORY + +EVP_DigestVerifyInit(), EVP_DigestVerifyUpdate() and EVP_DigestVerifyFinal() +were first added to OpenSSL 0.9.9. + +=cut diff --git a/doc/crypto/EVP_PKEY_verify.pod b/doc/crypto/EVP_PKEY_verify.pod index 782de101ef..d34ae8b364 100644 --- a/doc/crypto/EVP_PKEY_verify.pod +++ b/doc/crypto/EVP_PKEY_verify.pod @@ -34,11 +34,11 @@ context if several operations are performed using the same parameters. =head1 RETURN VALUES -EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification -was successful and 0 if it failed. Unlike other functions the return value -0 only indicates that the signature did not not verify successfully (that is -tbs did not match the original data or the signature was of invalid form) -it is not an indication of a more serious error. +EVP_PKEY_verify_init() and EVP_PKEY_verify() return 1 if the verification was +successful and 0 if it failed. Unlike other functions the return value 0 from +EVP_PKEY_verify() only indicates that the signature did not not verify +successfully (that is tbs did not match the original data or the signature was +of invalid form) it is not an indication of a more serious error. A negative value indicates an error other that signature verification failure. In particular a return value of -2 indicates the operation is not supported by diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod index b6e62ce7f6..620a623ab6 100644 --- a/doc/crypto/EVP_SignInit.pod +++ b/doc/crypto/EVP_SignInit.pod @@ -77,6 +77,15 @@ will occur. Older versions of this documentation wrongly stated that calls to EVP_SignUpdate() could not be made after calling EVP_SignFinal(). +Since the private key is passed in the call to EVP_SignFinal() any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through EVP_SignUpdate(). + +It is not possible to change the signing parameters using these function. + +The previous two bugs are fixed in the newer EVP_SignDigest*() function. + =head1 SEE ALSO L, diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod index b6afaedee5..9097f09410 100644 --- a/doc/crypto/EVP_VerifyInit.pod +++ b/doc/crypto/EVP_VerifyInit.pod @@ -67,6 +67,15 @@ will occur. Older versions of this documentation wrongly stated that calls to EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal(). +Since the public key is passed in the call to EVP_SignFinal() any error +relating to the private key (for example an unsuitable key and digest +combination) will not be indicated until after potentially large amounts of +data have been passed through EVP_SignUpdate(). + +It is not possible to change the signing parameters using these function. + +The previous two bugs are fixed in the newer EVP_VerifyDigest*() function. + =head1 SEE ALSO L, -- 2.25.1